Facing some hard questions


By CW5 Todd M. Boudreau

If your most savvy adversary is currently using your highways and byways to transport goods, they are stealing from you. Although they may possess the ability to disrupt your motorways and/or destroy your roads, to do so would negatively affect their own operations.

However, if there was a shift that caused the adversary to value stopping our use of the roadways more than their use of them to transport stolen goods, would we be prepared to defend them... every one of them?

So what does a conversation that may be best suited for Homeland Defense have to do with cyber defense? Change the environment and the scenario remains constant. Open source intelligence acknowledges that our communications platforms and transport systems (i.e., data highways) are under constant attack through probes and malware every day. Much of what we see is cannon fodder. However, unmitigated, it drastically increases the noise floor, making it possible for a skilled adversary to surreptitiously enter our networks, gain a foothold into our information systems, and begin Computer Network Exploitation actions such as exfiltrating data.

If, however, there is a change in relations with said adversary due to a political decision or kinetic contest somewhere in the world, said adversary could easily shift from CNE operations to a Computer Network Attack posture. With the criticality of our technology systems to our combat operations, are we ready to operate while an adversary attempts to manipulate data and/or to disrupt the operations of, deny our uninterrupted access to, and/or destroy our information systems?

Few today would argue that defending our communications systems and the critical information within them is more than a full-time job; but not so many understand that everyone has a level of responsibility.

Just as a reminder, take a moment to remember (or imagine, for those who did not live the days of Mobile Subscriber Equipment and Tri-Service Tactical; MSE and TRI-TAC respectively) the magnitude of barriers our opponents faced in the days of MSE and TRI-TAC to gain entrance into our military networks, just under the perspective of equipment, architecture, and investment. The equipment used under the MSE and TRI-TAC programs was proprietary; Commercial-off-the-Shelf equipment had not yet been popularized in tactical transport services.

The architecture, even though it included meshed networks, was based off a circuit switched paradigm which afforded some level of Low-Probability-of-Interception. So, there was a substantial investment required to attack such a communications system.

Those with intent to attack our networks did not necessarily pose a threat, since they did not also possess knowledge of vulnerabilities and the capability to exploit said vulnerabilities. As the equipment was mostly proprietary, an adversary would need to obtain and reverse engineer our equipment, and then identify vulnerabilities; then such a foe would need to create or exploit the opportunity to intercept a circuit switched, encrypted, timed trunk dependent communications link, all huge barriers in themselves.

Today, however, over ninety percent of our military communications infrastructure, platforms, and programs are COTS; software and equipment available to anyone. Our current TCP/IP architecture was developed for transparency, interoperability, and technology insertion; not necessarily with security in mind. As vulnerabilities are identified they are oftentimes posted in the open for all to see. Capability sets to attack and exploit such vulnerabilities are easily obtainable.

So the substantial investment required to attack has been significantly reduced, creating a converse and exponentially increased investment required to defend; the Federal Government reportedly spent $12B in IT Security in 2010; 15% of its total IT spending.

Those with intent to harm our military communications networks and to exploit and/or
manipulate critical information merely need to know where to look to find a virtual cornucopia of attack capabilities. With $50k, anyone with inclination and desire can hire a botnet and launch a distributed denial-of-service attack, similar to those that struck South Korea, Georgia, Estonia, and yes, even segments and portions of the United States.

While in the past, the technical complexity required of the attack capability was to our advantage, today various aspects of technology, to include its availability, have added to the necessary technical complexity of the defense capability. For example, the average low-tech, yet often effective, attack toolset is in the order of hundreds of lines of code, whereas the average defense toolset is in the order of millions.

What is needed is the ability to invoke a machine-on-machine response in order to counter attacks made at network-speed. And while we have made great strides toward that end, a myriad of obstacles have yet to be breached. To that end, we need everyone involved in the defense of our communications networks and systems. I could go on and talk about the need for the common user to understand cyberspace as an operational domain and to be able to make parallel connections such as viewing emails from unknown recipients as possible unexploded ordnance or cyber incoming. I could also spend time talking about how important it is for our senior leaders to understand the imminence of the threat and consciously measure the importance of our essential cyber terrain. However, instead I would like to challenge us, Signaleers, Cyber Warriors, those of us interested enough to read the articles in this Army Communicator.

How well are we prepared to face a peer, or even a near-peer adversary in our cyberspace? Beyond establishing an up-armored cyber defensive posture, beyond ensuring all policies and governance have been followed, beyond ensuring all systems are patched and up-to-date, are we prepared to build, manage, and shape our cyberspace to ensure we maintain the advantage when our adversaries have entered and are performing disrupt, deny, destroy operations? When our networks and networked systems, installed, operated, and maintained by us, are no longer uncontested operational space, are we ready, prepared, and able to ensure uninterrupted Mission Command Essential Capabilities?

While we are shaping our cyber workforce to include expert defenders who are able to understand the adversary's tactics, techniques, and procedures, response actions, or better yet preemptive response actions within our own LandWarNet require experts in transport and complex Mission Command systems as well. As I asked in my opening comments, although we have a NetOps construct, are we really conducting, or even able to conduct, true Network Operations? Are our experts in transport and routing able to make changes beyond reactive optimizations based on bandwidth demands? Are our experts in establishing data services able to adapt beyond a static model of Mission Command service expectations and outmaneuver an aggressive adversary in a contested battle-space? Are we collectively trained, tested, and prepared to conduct NetOps?

Armed with knowledge, actionable intelligence, and a host of tools (both specifically specialized as well as converged, such as the Defense Information Systems Agency's Host-Based Security System) our expert cyber defenders hunt for potential adversarial activity used to prepare for CNE and/or CNA activity in order to catch and posture for response actions before any damaging activities can be accomplished. Once anomalous activity is identified and categorized as adversarial, pre-coordinated actions in accordance with an established playbook are initiated. In many cases, such actions will include immediate preemptive transport routing modifications as well as data screening, filtering, and transition to alternate servers.

The cry of this article is for an understood, acknowledged, collectively trained NetOps posture enabling us to make appropriate adaptations to our operational portion of cyberspace in the midst of a peer or near-peer adversary's attempt to deny us freedom of movement, disruption of critical services, and/or manipulation of critical information. Are we there yet? If not, either by design or by necessity... NetOps, here we come.

CW5 Todd M. Boudreau is the U.S. Army Signal Regiment Chief Warrant Officer.